
Linux

Linux: Backup and Recovery

Basics

. refers to the current directory

.. refers to the parent directory of the current directory

~ refers to the home directory

Archiving

Archiving combines multiple files into one package, making them easier to back up, transfer, or organize. tar and cpio are popular tools used for archiving.

tar

tar packages multiple files or directories into a single archive file. The syntax is tar [OPTIONS] <ARCHIVE NAME> [FILE1 FILE2 DIR1 ...]; the archive name is the argument that follows -f, so -f is normally the last option letter (as in -czvf). Common options include:

  • -c to create an archive
  • -x to extract files
  • -t to list the contents of an archive
  • -v for verbose output
  • -r to append files to an existing archive
  • -f to specify the archive file name
  • -z for gzip
  • -j for bzip2
  • -J for xz

ex:

tar -czvf backup.tar.gz data/ # to create an archive of the data/ directory using gzip

cpio (copy in/out)

cpio gets the list of files to archive from another command such as find or ls. The general syntax using find is find [FILES] | cpio -ov > [ARCHIVE NAME].cpio. The following are the three main modes:

  • -o to create an archive (copy-out)
  • -i to extract an archive (copy-in)
  • -p to copy files (copy-pass)

additional options:

  • -d to create directories as needed
  • -v for verbose output
  • -u to overwrite existing files
  • -t to list archive content

ex:

find /configs -type f | cpio -o > config_bk.cpio # to create an archive

cpio -id < backup.cpio # to extract an archive

cpio -it < backup.cpio # to list the content of the archive

find data/ -name "*.conf" | cpio -pvd /backups/configs # to copy the matching files into /backups/configs, recreating their directory structure

Compression Tools

Compression tools help shrink file sizes.

gzip

gzip is widely used for its speed and simplicity. It uses the .gz format. For backups it is recommended to use tar + gzip (-czvf). Common options include:

  • -d to decompress files
  • -f to overwrite files without asking
  • -n to skip storing the original file name and timestamp
  • -N to save the original file name and timestamp
  • -q for quiet mode
  • -r to compress directories recursively
  • -l to show statistics
  • -t to test the integrity of the compressed file
  • -v for verbose mode
  • -1...-9 to specify compression level

ex:

gzip myfile.txt # to compress a file and delete the original

gzip -k myfile.txt # to compress a file and keep the original

gzip -k myfile1.txt myfile2.txt myfile3.txt # to compress several files and keep the originals

gzip -vr /var/log/ # to compress the content of the folder with verbose output

gzip -9 image.iso # to compress with maximum level (levels range 1-9 default is 6)

zcat myfile.txt.gz # to view the content of a compressed file

gunzip myfile.txt.gz # to decompress a file
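The tar and gzip commands above fit together into a backup cycle that is worth verifying end to end. The following is an added example, not part of the original notes: it builds a sample directory in a temporary location, archives it with tar -czf, records a sha256 checksum, checks the archive with gzip -t and tar -tzf, restores it and diffs the result against the source. It also truncates a copy of the archive to show that a checksum taken after the damage still matches while gzip -t catches it. The directory layout, file contents and file names are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original notes): a tar + gzip backup cycle with
# integrity checks and a verified restore. All paths are constructed in a temp dir.
set -eu

# make_sample_tree DIR: constructed sample data standing in for a real data/ directory
make_sample_tree() {
    mkdir -p "$1/conf"
    printf 'Port 22\nPermitRootLogin no\n' > "$1/conf/sshd_config"
    printf 'hello backup\n' > "$1/readme.txt"
}

# make_backup SRC_DIR ARCHIVE: archive SRC_DIR with gzip and record its sha256 next to it
make_backup() {
    src=$1; archive=$2
    # -C archives the directory by name, independent of the current directory
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")"
    sha256sum "$archive" > "$archive.sha256"
}

# verify_backup ARCHIVE: 0 = good, 1 = checksum missing or mismatch,
# 2 = gzip stream damaged (gzip -t), 3 = tar structure unreadable (tar -t)
verify_backup() {
    archive=$1
    sha256sum -c --status "$archive.sha256" 2>/dev/null || return 1
    gzip -t "$archive" 2>/dev/null || return 2
    tar -tzf "$archive" > /dev/null 2>&1 || return 3
    return 0
}

# restore_and_compare ARCHIVE SRC_DIR DEST_DIR: extract under DEST_DIR, diff -r against SRC_DIR
restore_and_compare() {
    archive=$1; src=$2; dest=$3
    mkdir -p "$dest"
    tar -xzf "$archive" -C "$dest"
    diff -r "$src" "$dest/$(basename "$src")" > /dev/null
}

# backup_cycle: run the whole cycle; exits non-zero if any step fails
backup_cycle() {
    work=$(mktemp -d)
    make_sample_tree "$work/data"
    make_backup "$work/data" "$work/backup.tar.gz"
    verify_backup "$work/backup.tar.gz"
    restore_and_compare "$work/backup.tar.gz" "$work/data" "$work/restore"
    rm -rf "$work"
}

# corruption_code: truncate a copy of a good archive, checksum the damaged copy, verify it.
# Prints 2: the fresh checksum matches the damaged file (a hash only proves "unchanged
# since hashed"), but gzip -t still detects the damage.
corruption_code() {
    work=$(mktemp -d)
    make_sample_tree "$work/data"
    make_backup "$work/data" "$work/backup.tar.gz"
    head -c 40 "$work/backup.tar.gz" > "$work/corrupt.tar.gz"
    sha256sum "$work/corrupt.tar.gz" > "$work/corrupt.tar.gz.sha256"
    rc=0; verify_backup "$work/corrupt.tar.gz" || rc=$?
    rm -rf "$work"
    echo "$rc"
}

backup_cycle; echo "backup cycle OK"
echo "verify code for a truncated archive: $(corruption_code)"
```

The order of the checks matters: the checksum is taken when the backup is made, so it detects later changes to the file, while gzip -t and tar -t detect an archive that was already broken when it was hashed. Both are needed before trusting a restore.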

bzip2

bzip2 offers better compression than gzip but is slower. The syntax is bzip2 [OPTIONS] <FILE NAME>.

  • bzip2 is used for compressing files
  • bunzip2 to uncompress files
  • bzcat to view content of a compressed file without extracting it
  • bzip2recover to attempt to recover data from a damaged archive
  • bzless and bzmore to scroll through compressed text files one page at a time

ex:

bzip2 myfile.txt # to compress a file and delete the original file

bzip2 -k myfile.txt # to compress a file and keep the original file

bunzip2 myfile.txt.bz2 # to decompress a file

bzip2 -t myfile.txt.bz2 # to test the integrity of a compressed file

bzcat myfile.txt.bz2 # to view the content of a compressed file

xz

xz is a newer compression tool that offers higher compression but is even slower than gzip and bzip2. It is well suited to archiving files that do not change often. The syntax is xz [OPTIONS] <FILE NAME>. Command options include:

  • -d to decompress a compressed file
  • -f to overwrite files
  • -q for quiet mode
  • -v for verbose mode
  • -t to test compressed file

ex:

xz myfile.txt # to compress a file and delete the original file

xz -k myfile.txt # to compress a file and keep the original file

xz -d myfile.txt.xz # to decompress a file

unxz myfile.txt.xz # to decompress a file

xz -t myfile.txt.xz # to test the integrity of a compressed file

xz -l myfile.txt.xz # to show information about a compressed file (compressed and uncompressed sizes, ratio, check type)

7-Zip

7-Zip is used where compatibility with Windows systems is needed. It is more flexible because it handles multiple archive formats like .7z, .zip, and .tar. It is usually available through the p7zip package. The command letters (given without a dash, as in the examples below) include:

  • a to add files to an archive
  • x to extract files from an archive with their full paths
  • l to list archive content
  • t to test an archive
  • d to delete files from an archive

ex:

7z a backup.7z file1 file2 data/ # to create a compressed archive

7z x backup.7z # to extract a compressed file

7z l backup.7z # to list the content of a compressed file

7z t backup.7z # to test a compressed file

7z a -mx=9 backup.7z image.iso # to create an archive with the maximum compression level (-mx=9)

Data Recovery

dd (data duplicator)

dd copies data at the block level and is useful for creating exact images of disks or partitions. It is commonly used for disk cloning, creating bootable USB drives, backup and restore, and wiping disks. The basic syntax is dd if=<INPUT FILE> of=<OUTPUT FILE> [OPTIONS]. Common options include:

  • if= input file/device
  • of= output file/device
  • bs= block size. The default is 512 bytes
  • count= number of blocks to copy
  • skip= number of input blocks to skip
  • seek= number of output blocks to skip before writing
  • status=progress to show progress
  • conv=noerror,sync to keep going past read errors and pad the unreadable blocks with zeros so the output stays aligned with the input

ex:

dd if=image.iso of=/dev/sdb bs=4M status=progress # to create a bootable USB drive (write to the whole device, not to a partition such as /dev/sdb1)

dd if=/dev/sda of=diskA.img bs=1M status=progress # to create a disk image

dd if=diskA.img of=/dev/sda bs=1M status=progress # restore data from an image

dd if=/dev/zero of=/dev/sdb bs=1M status=progress # to completely erase a disk

dd if=/dev/zero of=test_file bs=1G count=1 oflag=dsync # to test the write speed of a disk
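The skip=, seek= and count= options are easiest to understand on a small file, so here is an added example (not from the original notes) that builds an eight-block image in a temporary directory, carves three blocks out of it with skip= and count=, and writes them back into a blank image at the same offset with seek= and conv=notrunc. The image contents, the 512-byte block size and the file names are constructed for the demonstration; no real device is touched.

```shell
#!/bin/sh
# Added example (not from the original notes): dd block arithmetic on a constructed
# image file. skip= counts input blocks, seek= counts output blocks, count= limits how
# many blocks are copied. No real device is touched.
set -eu

BS=512   # block size for every dd call below; dd's default, as the notes say

# make_image PATH BLOCKS: block 0 is 512 x "A", block 1 is 512 x "B", and so on
make_image() {
    img=$1; blocks=$2; alphabet=ABCDEFGHIJKLMNOP
    : > "$img"
    n=0
    while [ "$n" -lt "$blocks" ]; do
        ch=$(printf '%s' "$alphabet" | cut -c $((n + 1)))
        head -c "$BS" /dev/zero | tr '\0' "$ch" >> "$img"
        n=$((n + 1))
    done
}

# block_chars IMG: the first byte of every block, so "ABCDEFGH" shows the layout at a glance
block_chars() {
    fold -w "$BS" "$1" | cut -c1 | tr -d '\n'
}

# carve IMG OUT SKIP COUNT: copy COUNT blocks starting at input block SKIP
# (the same shape as lifting one partition out of a whole-disk image)
carve() {
    dd if="$1" of="$2" bs="$BS" skip="$3" count="$4" 2>/dev/null
}

# patch_in IMG SRC SEEK: write SRC into IMG starting at output block SEEK.
# conv=notrunc keeps the rest of IMG; without it dd truncates a regular file
# after the last block written.
patch_in() {
    dd if="$2" of="$1" bs="$BS" seek="$3" conv=notrunc 2>/dev/null
}

# dd_demo: prints "<carved layout> <patched layout>"
dd_demo() {
    work=$(mktemp -d)
    make_image "$work/disk.img" 8                  # blocks A B C D E F G H
    carve "$work/disk.img" "$work/part.img" 2 3    # skip A B, copy C D E
    # cross-check: the same byte range taken with tail/head must be identical
    tail -c +$((2 * BS + 1)) "$work/disk.img" | head -c $((3 * BS)) \
        | cmp -s - "$work/part.img" || { echo "carve mismatch"; return 1; }
    head -c $((8 * BS)) /dev/zero | tr '\0' '.' > "$work/blank.img"   # 8 blocks of "."
    patch_in "$work/blank.img" "$work/part.img" 2  # leave 2 blocks, then write C D E
    printf '%s %s\n' "$(block_chars "$work/part.img")" "$(block_chars "$work/blank.img")"
    rm -rf "$work"
}

dd_demo
```

The carved file reads CDE and the patched blank image reads ..CDE..., which is the whole story of skip= versus seek=: one walks the input, the other walks the output. The cmp cross-check is the habit to keep when imaging real disks, where a wrong bs= or skip= produces a file that looks plausible but is offset.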

ddrescue

ddrescue is used to recover data from damaged drives. The basic syntax is ddrescue [OPTIONS] <INPUT FILE> <OUTPUT FILE> <LOG FILE>. The log file (called the mapfile in current versions) records which blocks have been recovered, so an interrupted run can be resumed with the same command.

ex:

ddrescue /dev/sdb damaged.img rescue.log # to attempt rescuing /dev/sdb

rsync

rsync is used to synchronize files and directories locally or over the network. After the first copy, subsequent runs transfer only the changes. The basic syntax is rsync [OPTIONS] <SOURCE> <DESTINATION>. Important options are:

  • -r to copy recursively
  • -a to copy in archive mode, preserving permissions, symlinks, and timestamps
  • -n to see what would be copied (dry run)
  • -z to enable compression during transfer
  • -h for human-readable output
  • -v for verbose mode
  • --progress to show progress
  • --delete to remove files in the destination that are not present in the source

ex:

rsync -avh /home/user/ /mnt/backup/user # to copy the user directory with all attributes preserved (the trailing slash on the source copies its contents rather than the directory itself)

rsync -avh user@server:/data/ /home/user/data/ # to sync from remote server to local

rsync -avh --bwlimit=4000 /home/user/ user@server:/backup/ # with a bandwidth limit = 4000KB/s

Compressed File Operations

zcat

zcat displays the full content of a compressed file.

zcat myfile.txt.gz # to show the content of the compressed file

zless

zless allows scrolling through the content of a compressed file interactively

zless myfile.txt.gz # to show the content of the compressed file in a scrollable mode

zgrep

zgrep allows searching through compressed data. The syntax is zgrep [OPTIONS] <SEARCH PATTERN> <FILE NAME>. Common options include:

  • -i to make the search case-insensitive
  • -n to show line numbers
  • -v to show lines that do not match the pattern

ex:

zgrep "ERROR" logs.gz # to search for lines containing text 'ERROR'

zgrep -i "failed password" /var/log/auth.log.1.gz # to find failed login attempts in a rotated auth log
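Rotated logs are where zgrep earns its keep. The following added example (not part of the original notes) constructs a current auth.log and a gzipped auth.log.1 with sshd-style lines, then uses zgrep -hi together with awk, sort and uniq to count failed password attempts per source address across both files in one pass. The log lines and addresses are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original notes): count failed SSH logins per source
# address across a plain and a rotated (.gz) auth log with zgrep. Log lines are constructed.
set -eu

# make_sample_logs DIR: write auth.log and a gzipped auth.log.1 with sshd-style lines
make_sample_logs() {
    cat > "$1/auth.log" <<'EOF'
Mar  3 10:01:12 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:01:15 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Mar  3 10:02:01 host sshd[1210]: Accepted publickey for alice from 198.51.100.7 port 40222 ssh2
EOF
    cat > "$1/auth.log.1" <<'EOF'
Mar  2 23:58:40 host sshd[990]: Failed password for root from 203.0.113.5 port 50001 ssh2
Mar  2 23:59:02 host sshd[991]: failed password for bob from 192.0.2.44 port 50002 ssh2
Mar  2 23:59:30 host sshd[992]: Accepted password for bob from 192.0.2.44 port 50003 ssh2
EOF
    gzip -f "$1/auth.log.1"      # rotate: becomes auth.log.1.gz
}

# failed_logins_by_source DIR: "COUNT ADDRESS" per line, busiest source first.
# zgrep reads .gz and plain files alike; -h drops file-name prefixes, -i ignores case
# (the lowercase "failed password" line above would otherwise be missed).
failed_logins_by_source() {
    zgrep -hi 'failed password' "$1"/auth.log* \
      | awk '{ for (i = 1; i < NF; i++) if ($i == "from") print $(i + 1) }' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# demo_failed_logins: build the sample logs in a temp dir and print the summary
demo_failed_logins() {
    work=$(mktemp -d)
    make_sample_logs "$work"
    failed_logins_by_source "$work"
    rm -rf "$work"
}

demo_failed_logins
```

Pointing the glob at /var/log/auth.log* on a real host covers the live file and every rotated copy, which is what matters when an intrusion review starts days after the activity.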

Linux: Network Services and Configurations

Basics

Linux uses a layered approach (local files and external resources) to figure out how to resolve internal and external system names.

  • /etc/hosts
  • /etc/resolv.conf
  • /etc/nsswitch.conf

/etc/hosts

/etc/hosts is a plain text file where we manually map hostnames to IP addresses so the system can resolve names without relying on DNS. It is useful for environments where DNS is not available.

ex:

192.168.1.101 server1.local

192.168.1.102 server2.local

/etc/resolv.conf

/etc/resolv.conf tells Linux which DNS servers to use when resolving names that are not listed in /etc/hosts. It is useful for troubleshooting internet-related issues or when the system cannot resolve external domain names.

/etc/nsswitch.conf

/etc/nsswitch.conf controls the order in which the system tries different sources (local files, DNS, and others) to resolve names and other data.

hosts: files dns # check local /etc/hosts first before querying external DNS

hosts: dns files # check external DNS first before checking local /etc/hosts

NetworkManager

nmcli

nmcli is a command line interface for interacting with NetworkManager, allowing administrators to monitor and manage network connections on Linux.

nmcli device status # to show the status of all devices

nmcli general status # to check overall networking health

nmcli connection show # to list configured connections

nmcli connection up <CONNECTION-NAME> # to activate a specific network connection

nmcli connection down <CONNECTION-NAME> # to deactivate a specific network connection

nmcli connection edit <CONNECTION-NAME> # to open an interactive editor for detailed changes

nmcli connection reload # to reload the settings after editing

nm-connection-editor is a GUI tool for editing NetworkManager connection profiles without needing to use the command line. Just type nm-connection-editor in the terminal to start the GUI.

A .nmconnection file is a configuration file used by NetworkManager to store the settings for one network profile. These files are located in /etc/NetworkManager/system-connections/.

Netplan

Netplan is the default tool used to configure and manage network settings in Debian Linux. It uses YAML files to centralize network configurations.

Configuration Files

Network configuration files are written in YAML. They are stored in /etc/netplan/ directory. Configurations are not applied automatically. They must be activated before they take effect.

ex:

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [192.168.1.50/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 1.1.1.1]

This tells netplan to configure a static IP address on eth0.

netplan try

netplan try is used to try a new network configuration temporarily, with a built-in safety mechanism. This command applies the changes for 120 seconds by default and reverts the configuration if they are not confirmed.

netplan apply

netplan apply is used to permanently apply changes made in the configuration files. This command reads the configurations from /etc/netplan/, applies the changes to the system, and activates the associated network interfaces.

netplan status

netplan status verifies which configuration is active, which interfaces are managed by which renderer, and their current settings.

IP Network Management Tool

ifconfig

ifconfig is a legacy tool used to configure network interfaces on Linux systems. It is deprecated in favor of the ip command suite.

ex:

ifconfig # to view currently active network interface.

ip address

ip address is used to view and manage IP address configuration of system network interfaces.

ex:

ip address show # to view ip address configuration. or simply "ip a"

ip address show dev eth0 # to view ip address config of interface eth0

ip address add 192.168.1.100/24 dev eth0 # to add an IP address to eth0

ip address del 192.168.1.100/24 dev eth0 # to delete an IP address from eth0

ip address flush dev eth0 # to flush all ip addresses from eth0

ip link

ip link focuses on the network interface link layer (Layer 2 of the OSI model).

ip link show # to view interfaces

ip link set eth0 up # to bring interface up

ip link set eth0 down # to bring interface down

ip link set eth0 mtu 9000 # to change the MTU

ip link set dev eth0 address 12:23:34:45:56:67 # to change the MAC address of the NIC (most drivers require the interface to be down first)

ip route

ip route is used to display and manage the kernel's routing table, which determines how network traffic is forwarded.

ip route add 10.0.0.0/24 via 192.168.1.99 # to add a network route

ip route add 172.16.0.0/16 dev eth1 # to add a network route through an interface

ip route add default via 192.168.1.1 # to add a default route

ip route del 10.0.0.0/24 # to delete a route

Network Configuration Tools

hostname

hostname is used to view or set the system's network name. Use hostnamectl set-hostname server1 to permanently set the hostname of the system to server1.

arp

arp is used to show or manage the system's Address Resolution Protocol (ARP) table.

arp -n # to show the ARP cache without resolving names

arp -a # to display all arp entries

arp -s 192.168.1.10 12:23:34:45:56:67 # to set a static entry

arp -d 192.168.1.10 # to delete an entry

ethtool

ethtool is used for querying and configuring Ethernet network interface configurations. It is used to query driver information, test link status, change interface speed, and change duplex settings.

ex:

ethtool eth0 # to view NIC details such as speed, duplex mode, link status, and firmware info

ethtool eth0 | grep "Link detected" # to check the link status

ethtool -s eth0 autoneg on # to enable speed auto negotiation

ethtool -s eth0 autoneg off # to disable speed auto negotiation

ethtool -s eth0 speed 100 duplex full # to set the speed and duplex mode

ethtool -t eth0 # to run the adapter self-test

ethtool -S eth0 # to display statistics

Network Connectivity Tools

ping/ping6

ping is used to test basic reachability and round-trip response time to remote systems over IPv4. The syntax is ping <DESTINATION>

ex:

ping 192.168.1.1 # to send ICMP echo request to IP address

ping mysite.com # to send ICMP echo request to hostname

ping -c 3 mysite.com # to send 3 pings

ping -c 4 -i 2 mysite.com # to send 4 pings with a 2 second interval between each ping

ping -s 1400 mysite.com # to send pings with 1400-byte payloads

ping6 is used to test basic reachability and round-trip response time to remote systems over IPv6.

traceroute

traceroute shows the full path packets take to a destination. The syntax is traceroute <DESTINATION>

ex:

traceroute mysite.com # to see all hops along the path including response time

traceroute -I mysite.com # to use ICMP instead of UDP

traceroute -T -p 80 mysite.com # to use TCP port 80

traceroute -m 10 mysite.com # to limit number of hops to 10

traceroute -q 2 mysite.com # to change number of probe packet per hop. Default is 3

tracepath

Similar to traceroute but does not require root privilege. The syntax is tracepath <DESTINATION>.

ex:

tracepath -m 15 google.com # to set the maximum number of hops

mtr

mtr is short for My Traceroute. It combines the functions of both ping and traceroute into a live, interactive view of each network hop. The syntax is mtr <DESTINATION>.

ex:

mtr mysite.com # to show the live per-hop view

iperf3

iperf3 is an advanced tool used to test actual network throughput between systems and assess bandwidth performance under real conditions. The general syntax is iperf3 -c <DESTINATION>.

ex:

iperf3 -s # to start the server

iperf3 -c 192.168.1.50 # to run the client against the server at 192.168.1.50

iperf3 -c 192.168.1.50 -t 60 # to test client for 60 seconds

iperf3 -c 192.168.1.50 -P 8 # to set 8 parallel streams

iperf3 -c 192.168.1.50 -J # to output JSON

Network Scanning and Traffic Analysis Tools

ss

ss is the quickest way to look at the sockets the system is using.

ss -t # to show all TCP connections

ss -u # to show all UDP connections

ss -l # to show listening sockets only

ss -a # to show all connections

ss -p # to show processes using sockets

ss -lnt src :22 # to show listening TCP sockets on port 22 (SSH) without name resolution

nc (netcat)

nc or netcat is a tool to talk to network services.

nc mysite.com 80 # to connect to the host on port 80

nc -l -p 2345 # to listen for connections in server mode

tcpdump

tcpdump is used for network traffic capture and analysis.

tcpdump -i eth0 # to capture packets from eth0

tcpdump -i eth0 -c 100 -w netlog.pcap # to capture first 100 packets from eth0 and write to a file

tcpdump -i eth0 tcp # to capture only TCP

tcpdump -i eth0 udp # to capture only UDP

nmap (Network Mapper)

nmap is a reconnaissance tool used to scan networks.

ex:

nmap 192.168.0.50 # to scan a single host

nmap 192.168.0.50 192.168.0.51 # to scan multiple hosts

nmap -p 80,443 192.168.0.52 # to scan host or network for specific ports

nmap -p 1-3000 192.168.1.55 # to scan a host for a range of ports

nmap -sV 192.168.1.50 # to detect services running on the host

nmap -O 192.168.1.50 # to guess OS running on the host

nmap -sS -p 22,80,443 -T4 -Pn 192.168.10.0/24 # to scan the network for hosts with open common ports (22, 80, and 443)

nmap -sS 192.168.0.55 # to perform a half open SYN scan which is faster and stealthier

nmap -F 192.168.0.60 # scan top 100 ports

nmap -Pn 192.168.0.55 # scan without ping

nmap --script=vuln 192.168.0.55 # to run vulnerability scan

DNS Tools

nslookup

nslookup is used to look up domain names. nslookup <DOMAIN> [DNS SERVER].

ex:

nslookup # enter the interactive mode

nslookup mysite.com # to query a domain's records

nslookup -type=A mysite.com # to query a specific record type such as A, AAAA, MX, TXT

nslookup mysite.com 9.9.9.9 # to query using a specific DNS server

dig (Domain Information Groper)

dig is used to see the full DNS exchange when looking up domain names. It is more powerful than nslookup. The syntax is dig [@SERVER] <DOMAIN> [TYPE] [OPTIONS].

ex:

dig mysite.com # to look up a simple domain name

dig mysite.com AAAA # to query a specific record type

dig mysite.com +short # to obtain a short output

dig -x 88.89.90.91 # to perform a reverse DNS lookup

dig @8.8.8.8 mysite.com # to query using a specific DNS server

resolvectl

resolvectl is the command line front end to systemd-resolved, the DNS resolver service in systemd. The syntax is resolvectl <VERB> [ARGUMENTS].

ex:

resolvectl query mysite.com # to query DNS

Linux: Containers

A container is a lightweight, portable environment that packages an application along with everything it needs to run, including libraries and configuration files.

The container runtime is the software responsible for running and managing those containers.

There are many runtimes to choose from:

  • runC
  • containerd
  • Docker
  • Podman

Basics

runC

runC is a lightweight command line tool that creates and runs containers directly from the command line.

containerd

containerd is a runtime that handles the entire lifecycle of containers. It uses runC under the hood but provides higher-level APIs.

Docker

A popular runtime that includes everything needed to build, run, and manage containers. It uses runC and containerd under the hood.

Podman

Podman is like Docker but designed to run without a central daemon. It works the same way as Docker and most Docker commands work with Podman. Podman supports running containers as a regular user without needing root privileges.

Building an Image

FROM

FROM tells which base image to start with, that is, which operating system and environment the container will be built on top of.

ex:

FROM python:3.11-slim

to start with a Debian Linux that comes with Python 3.11 installed.

USER

USER defines who inside the container will run the remaining commands and processes.

ex:

RUN useradd -m appuser # to create a user

USER appuser # process subsequent command under this user

ENTRYPOINT

ENTRYPOINT defines the main command that will always run when the container starts.

ex:

ENTRYPOINT ["python", "app.py"] # to run this command every time the container starts

CMD

CMD provides default arguments to the ENTRYPOINT, or acts as the command to run if no ENTRYPOINT is set.

ex:

CMD ["--debug"] # to include a default option. So the container will run "python app.py --debug" by default

Example of Dockerfile

Dockerfile

FROM python:3.11-slim

RUN  useradd -m appuser

USER appuser

COPY app.py /home/appuser/app.py

WORKDIR /home/appuser

ENTRYPOINT ["python", "app.py"]

CMD ["--debug"]

then:

  • docker build -t myapp . to build the image
  • docker run myapp to start the container and run the app
  • docker run myapp --test to override CMD line and start the container
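The notes create a user and switch to it with USER; an image without that instruction runs its process as root. The following added example (not from the original notes) is a shell pre-build check that reports the effective user of a Dockerfile (the last USER instruction, or root when there is none) and counts ENTRYPOINT/CMD lines written in shell form instead of the JSON exec form shown above. The two Dockerfiles it checks are constructed inline; the first is the one from these notes, the second is a deliberately weak variant.

```shell
#!/bin/sh
# Added example (not from the original notes): pre-build checks on a Dockerfile for
# the two points made above: run as a non-root USER, and use the exec (JSON array)
# form for ENTRYPOINT/CMD. The Dockerfiles checked are constructed inline.
set -eu

# effective_user FILE: user of the container's main process, i.e. the last USER
# instruction, or "root" when the Dockerfile never switches user
effective_user() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blank lines
        toupper($1) == "USER"                 { user = $2 }
        END { print (user == "" ? "root" : user) }
    ' "$1"
}

# runs_as_root FILE: success when the image would start as uid 0 (a CI gate can fail on this)
runs_as_root() {
    case "$(effective_user "$1")" in
        root|0|root:*|0:*) return 0 ;;
        *)                 return 1 ;;
    esac
}

# shell_form_count FILE: ENTRYPOINT/CMD lines not written as a JSON array. Shell form runs
# the command under /bin/sh -c, so the shell is PID 1 and signals from docker stop reach
# the shell rather than the application.
shell_form_count() {
    awk '
        /^[[:space:]]*#/ { next }
        toupper($1) == "ENTRYPOINT" || toupper($1) == "CMD" { if ($2 !~ /^\[/) n++ }
        END { print n + 0 }
    ' "$1"
}

# write_sample_dockerfiles DIR: the Dockerfile from these notes, and a constructed weak one
write_sample_dockerfiles() {
    cat > "$1/Dockerfile.good" <<'EOF'
FROM python:3.11-slim
RUN useradd -m appuser
USER appuser
COPY app.py /home/appuser/app.py
WORKDIR /home/appuser
ENTRYPOINT ["python", "app.py"]
CMD ["--debug"]
EOF
    cat > "$1/Dockerfile.bad" <<'EOF'
FROM python:3.11-slim
# no USER instruction, so the build steps and the running container are root
COPY app.py /app.py
CMD python /app.py --debug
EOF
}

# report FILE: one summary line, e.g. "Dockerfile.bad user=root shell_form=1"
report() {
    printf '%s user=%s shell_form=%s\n' "$(basename "$1")" "$(effective_user "$1")" "$(shell_form_count "$1")"
}

work=$(mktemp -d)
write_sample_dockerfiles "$work"
for f in "$work"/Dockerfile.*; do report "$f"; done
rm -rf "$work"
```

Run the functions against a real Dockerfile path to get the same report; a build pipeline can call runs_as_root and refuse to build when it succeeds.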

Image Retrieval and Maintenance

A container image contains the application code and everything needed to run it.

Image Pulling

Image pulling is the process of downloading a container image from a remote registry to the local machine so it can be used to run containers. The general syntax is docker pull <IMAGE-NAME>[:TAG]. The latest tag is pulled if the TAG is omitted.

ex:

docker pull ubuntu:20.04 # to pull Ubuntu image with tag 20.04

Image Tags

Tags are labels attached to container images that help identify versions or variants.

ex:

docker pull nginx:latest # to pull the latest version of nginx

Image Layers

Layers are the building blocks of container images. When pulling an image, Docker downloads only the layers that are not already present locally, which makes pulls more efficient.

Image Pruning

Pruning is the process of cleaning up unused containers, images, networks, and volumes to free up space.

Run:

docker system prune # to prune the system

Container Lifecycle Management

Run

docker run is used to create a new container from an image and start it immediately.

ex:

docker run -it ubuntu:20.04 bash # to create and start an ubuntu:20.04 container with an interactive bash shell

Start and Stop

docker start <CONTAINER-NAME> to start a container if it is stopped.

docker stop <CONTAINER-NAME> to stop a container if it is running.

ex:

docker start web-app # to start the container named "web-app"

docker stop web-api # to stop the container named "web-api"

Delete

docker rm is used to delete a stopped container that is no longer needed. The syntax is docker rm <CONTAINER-NAME or ID>.

ex:

docker rm webapp-test # to permanently delete a stopped container named "webapp-test"

Prune

docker system prune is used to remove unused resources and free up space. Use -f flag to skip user prompt.

Container Inspection and Interaction

Environment Variables

They are used to pass configuration values into a container at startup. The general syntax is docker run -e <KEY>=<VALUE> <IMAGE-NAME>.

ex:

docker run -e NODE_ENV=production node:18

Read Container Logs

Use docker logs <CONTAINER-NAME or ID> to see container logs.

ex:

docker logs web-api # to see the container output and error stream

Inspect Containers

Inspecting a container gives a detailed view of a container's configuration, network settings, mounted volumes, environment variables, and more. Use docker inspect <CONTAINER-NAME or ID> to inspect a container.

docker inspect web-api

Exec

exec is a command that lets users run a command directly inside a running container. The general syntax is docker exec -it <CONTAINER-NAME or ID> <COMMAND>

ex:

docker exec -it db-app bash # open bash shell in interactive mode from the db-app container

Container Storage

Mapping Container Volumes allows users to link a folder from their host machine to a folder inside the container. The general syntax is docker run -v <HOST-PATH>:<CONTAINER-PATH> <IMAGE-NAME>.

ex:

docker run -v /home/user/data:/app/data webapp

Volume Management and Operations

Create Volume

docker volume create <VOLUME-NAME>

ex:

docker volume create apidata # to create a volume named "apidata"

Map Volume

Mapping the volume connects the volume created to a specific location inside a container. docker run -v <VOLUME-NAME>:<CONTAINER-PATH> <IMAGE-NAME>

ex:

docker run -v apidata:/app/data webapi

Prune Volume

Use docker volume prune to remove unused volumes.

Network Management Operations

Create Network

A virtual network gives containers a way to interact with each other or with the outside world securely and efficiently. The general syntax is docker network create [OPTIONS] <NETWORK-NAME>.

ex:

docker network create --driver bridge apps-net # to create a bridge type network named apps-net

Port Mapping

Port Mapping allows containers to communicate with the outside world. The general syntax to map a port is docker run -p <HOST-PORT>:<CONTAINER-PORT> <IMAGE-NAME>.

ex:

docker run -p 8080:80 webapp

Local Networks

Bridge Network

The bridge network is the default local network mode for Docker containers on a single host. The general syntax to create a container with a bridge network is docker run --network bridge -p <HOST-PORT>:<CONTAINER-PORT> <IMAGE-NAME>.

ex:

docker run --network bridge -p 8080:80 webapi

Host Network

The host network mode allows the container to share the host system's network stack directly. The container uses the same IP address and ports as the host machine. The general syntax is docker run --network host <IMAGE-NAME>

ex:

docker run --network host webapp

none Network

The none network mode disables networking entirely for the container. Containers with this network type cannot communicate with other containers or with the outside world. They are completely isolated. The general syntax is docker run --network none <IMAGE-NAME>

ex:

docker run --network none webapi

Advanced and Overlay Networks

IPvlan

IPvlan network driver allows containers to receive IP addresses from the same subnet as the host, while still maintaining logical isolation between containers.

Macvlan

Macvlan network driver gives each container its own MAC address and full presence on the physical network, making containers behave like independent network nodes.

Overlay

Overlay network driver is used to link containers across multiple Docker hosts, allowing them to communicate securely and seamlessly.

Linux: Virtualization

Hypervisors

  • KVM = Kernel-based Virtual Machine
  • QEMU = Quick EMUlator

KVM

KVM is a built-in feature of the Linux kernel that allows the operating system to act as a Type 1 hypervisor. It runs virtual machines with their own kernel. QEMU and virsh are tools used to interact with KVM. KVM provides only the virtualization capabilities, and we use QEMU or virsh to create and manage the VMs.

QEMU

QEMU is a user space application that can emulate full hardware systems and run virtual machines entirely on its own, even without KVM (but slower). It emulates CPUs, hard drives, USB controllers, network cards, display adapters, ...

VM Architecture

VirtIO

VirtIO provides a faster, more efficient way for virtual machines to communicate with the hypervisor. To fully use VirtIO, we need paravirtualized drivers installed within the guest OS. VirtIO provides:

  • virtio-net for virtual networking
  • virtio-blk for virtual block storage
  • virtio-scsi for virtual SCSI storage
  • virtio-fs for virtual shared storage
  • virtio-gpu for virtual GPU
  • virtio-serial for high-speed guest to host communication

These drivers allow the guest to interact directly with the virtualized hardware with high performance.

Nested Virtualization

A feature that allows a VM to act as a hypervisor itself, running other virtual machines inside it.

Operations

VM States

Common VM states are:

  • Running: actively consuming resources
  • Paused: temporarily halted
  • Shut off: completely powered down
  • Suspended: memory contents are saved to disk and the VM can be resumed later
  • Crashed: failed VM

We can use virsh to monitor the states of the VMs.

Disk Image Operations

A disk image is a file that acts as a virtual hard drive for a VM, storing all data of the VM. Disk image can be resized, cloned, snapshotted, or transferred easily between systems.

VM Resources

  • CPU: VMs are assigned virtual CPUs (vCPUs)
  • RAM: the amount of RAM reserved for the VM
  • Storage: the virtual hardware space where the OS, apps, and data are stored. Common storage formats are qcow2, raw, and vmdk
  • Network: VMs are assigned one or more virtual NICs (vNICs)

Network Types

NAT

NAT = Network Address Translation

VMs share the host IP when talking to the outside world. Inbound traffic from the network cannot reach the VM.

Bridged

The VM is in the same network as the host. The VM gets its own IP address in the same network as the host.

Host-only

VMs can only talk to the host machine or other VMs in the same Host-only configuration.

Routed

VMs have access to other networks through a virtual router.

Open

VMs see all traffic on the network and freely interact with anything they can find.

VM Tools

libvirt provides a consistent API for managing common hypervisors. Users can interact with libvirt via the command line using virsh or through a GUI with virt-manager.

Linux: Systemd

Basics

systemd controls how services start, stop, and interact with the system during boot and runtime.

Units

Systemd units define how each part of the system behaves:

  • Services: control programs and background processes like web servers or network services
  • Targets: define system states such as multi-user or graphical environments
  • Mounts: handle file systems and ensure disks and network shares are properly attached and available
  • Timers: trigger services to run at specific times or intervals

Systemd unit files are stored in:

/etc/systemd/system/ 

/usr/lib/systemd/system/

Services

Services manage daemons and applications that run in the background. The service file controls how programs start, stop, and behave under different conditions. A service unit file usually contains 3 sections:

  • [Unit]: Requires= and Wants= define dependencies. Before= and After= determine the order in which services start
  • [Service]: Type= defines process behavior. ExecStart= specifies the start command. ExecStop= defines how to stop the service. User= defines a non-root execution account; if omitted, the service starts as root.
  • [Install]: WantedBy= and RequiredBy= define the startup target

example:

[Unit]
Description=Start web app
After=network.target

[Service]
Type=simple
User=appuser
ExecStart=/usr/local/bin/webapp.sh
ExecStop=/bin/kill $MAINPID

[Install]
WantedBy=multi-user.target

Use the following commands to manage the service:

systemctl start webapp # to start the service

systemctl enable webapp # to start the service automatically at boot time

systemctl restart webapp # to restart the service

systemctl disable webapp # to disable the service at boot time

systemctl stop webapp # to stop 

systemctl status webapp # to check the service status

journalctl -u webapp # to view the service logs

Targets

Targets define system states by grouping units together. The common targets include:

  • poweroff.target
  • rescue.target
  • multi-user.target: non-graphical multi-user system
  • graphical.target: a full GUI session that includes everything in multi-user.target
  • reboot.target
  • network-online.target: used when services must wait for full network connectivity
  • emergency.target

Here are some useful commands:

systemctl get-default # to see the current target

systemctl set-default graphical.target # to set the current target

systemctl isolate graphical.target # to immediately switch a target

systemctl list-units --type=target # to list all targets

When using WantedBy=multi-user.target, you are telling that service to start when the system reaches that target.

Mounts

Mount units define and automate how file systems are mounted using systemd. The unit file name must match the mount point with slashes replaced by dashes, so the example below is saved as mnt-drive.mount. Comments in unit files must start a line; they cannot follow a directive on the same line.

example:

[Unit]
Description=Mount external drive
After=local-fs.target

[Mount]
# device to mount
What=/dev/sdb1
# mount point
Where=/mnt/drive
# file system type
Type=ext4
# mount options
Options=defaults

[Install]
WantedBy=multi-user.target

Timers

They are used to schedule tasks, replacing or enhancing what traditional cron jobs do. They are usually paired with a service file of the same name and tell systemd when that service should be started. The OnBootSec= directive defines a delay after system boot before the timer activates. OnCalendar= allows calendar-style scheduling.

example:

[Unit]
Description=Run backup every day at 2AM

[Timer]
# run every day at 02:00
OnCalendar=*-*-* 02:00:00
# run the missed job at the next boot if the system was off at that time
Persistent=true

[Install]
WantedBy=timers.target

Useful commands are:

systemctl list-timers # to list active timers

systemctl start work.timer # to start a timer

systemctl enable work.timer # to enable a timer at boot

systemctl stop work.timer # to stop a timer

systemctl status work.timer # to check the status of a timer
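A timer unit on its own does nothing: the work happens in the service it triggers. The pair below is an added example, not from the original page, and extends the backup.timer above with the service half. The script path /usr/local/sbin/backup.sh, the backup user and the /var/backups path are assumptions; the [Service] hardening lines (ProtectSystem=, ReadWritePaths=, PrivateTmp=, NoNewPrivileges=) are standard systemd directives and are what systemd-analyze security later scores.

```ini
# /etc/systemd/system/backup.timer
[Unit]
Description=Run backup every day at 2AM

[Timer]
OnCalendar=*-*-* 02:00:00
; catch up at next boot if the machine was off at 02:00
Persistent=true
; spread the start over 15 minutes so many hosts do not hit the backup server at once
RandomizedDelaySec=15min

[Install]
WantedBy=timers.target

# /etc/systemd/system/backup.service  (same base name as the timer)
[Unit]
Description=Nightly backup job

[Service]
; oneshot: runs to completion each time the timer fires, no [Install] needed
Type=oneshot
ExecStart=/usr/local/sbin/backup.sh
; assumed unprivileged account created for this job
User=backup
; whole file system read-only for this service except the listed paths
ProtectSystem=strict
ReadWritePaths=/var/backups
PrivateTmp=true
NoNewPrivileges=true
```

After placing both files, run systemctl daemon-reload, systemctl enable --now backup.timer, then systemctl list-timers to confirm the next trigger time and systemd-analyze security backup.service to see the exposure score the hardening lines earn.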

Management Utilities

  • systemctl: It is used to manage systemd units.
  • hostnamectl: manages the system's hostname
  • sysctl: reads and sets kernel parameters at runtime (the values exposed under /proc/sys)

example:

hostnamectl set-hostname host1 # to set a permanent hostname of the system

sysctl -a # to view all parameters

sysctl <NAME> # to view a selected parameter

sysctl -w <NAME>=<VALUE> # to set a parameter until the next reboot; to persist it, add the line to a file in /etc/sysctl.d/ and apply with sysctl --system

systemctl edit <UNIT> # to edit a systemd unit without changing the original unit file. ex: systemctl edit nginx.service

systemctl daemon-reload # to make systemd re-read its unit files after creating or editing them

Configuration Utilities

  • systemd-resolved is a background service that manages DNS resolution and caching for the system.
  • resolvectl is a command line utility for interacting with systemd-resolved.
  • timedatectl allows managing the system clock, timezone, and NTP synchronization.

Useful commands include:

resolvectl status # to see the status of systemd-resolved service

resolvectl query <HOSTNAME> # to see which IP address a hostname resolves to

timedatectl status # to check the system's clock configuration

timedatectl set-timezone <REGION/CITY> # to set the timezone of the system. ex: timedatectl set-timezone America/Chicago

timedatectl set-time "YYYY-MM-DD HH:MM:SS" # to set the system time manually (refused while NTP synchronization is enabled; disable it first with timedatectl set-ntp false)

timedatectl set-ntp <true or false> # to set whether NTP should be used in the system or not

Diagnosis and Analysis Tools

systemd-analyze reports total boot time and breaks it down into key stages such as firmware, kernel, and user space. It is useful for troubleshooting slow boot time

useful command:

systemd-analyze # to see the system's boot time

systemd-analyze blame # to list the units that took the longest to start

systemd-analyze security # to score each service's sandboxing (ProtectSystem=, NoNewPrivileges=, capabilities, ...); a lower exposure score is better

Linux: Software Configuration and Management

Basics

  • Debian-based systems use apt
  • RHEL-based systems use yum and dnf
  • openSUSE systems use Zypper

Package Managers

We use package managers to search, install, configure, update, and remove software in Linux environments.

apt - Debian-based systems

  • apt update to update all package list
  • apt upgrade to update all packages
  • apt install <PACKAGE> to install a package
  • apt remove <PACKAGE> to remove a package
  • apt show <PACKAGE> to show package details
  • apt search <PACKAGE> to search for a package
  • apt purge <PACKAGE> to delete a package and associated file
  • apt list --installed to show all installed packages
  • apt clean to clear cached downloaded packages
  • apt full-upgrade to upgrade all packages, removing installed packages if that is needed to resolve dependencies (apt upgrade never removes anything)
  • apt depends <PACKAGE> to show package dependencies
  • apt rdepends <PACKAGE> to show packages that depend on the selected package
  • apt-mark hold <PACKAGE> to lock a package at its current version
  • apt-mark unhold <PACKAGE> to unhold a currently held package
  • apt-mark showhold to show packages currently on hold

dnf - RHEL-based systems

  • dnf check-update to refresh the package metadata and list available updates
  • dnf upgrade to update all packages
  • dnf install <PACKAGE> to install a package
  • dnf remove <PACKAGE> to remove a package
  • dnf search <PACKAGE> to search for a package
  • dnf list installed to view all installed packages
  • dnf clean all to clear cached packages
  • dnf history to show transaction history
  • dnf repolist to list enabled repositories
  • dnf versionlock list to list all locked packages
  • dnf versionlock clear to clear all locked packages
  • dnf versionlock add <PACKAGE> to lock a package at its current version
  • dnf versionlock delete <PACKAGE> to delete a "version locked" package
  • dnf config-manager --set-enabled <REPO NAME> to enable a repository
  • dnf config-manager --set-disabled <REPO NAME> to disable a repository

versionlock and config-manager are provided by dnf plugins (dnf-plugins-core), not by core dnf, and may need to be installed first.

pacman - Arch-based systems

  • pacman -Sy to update all package list
  • pacman -Su to update all packages
  • pacman -S <PACKAGE> to install a package
  • pacman -R <PACKAGE> to remove a package
  • pacman -Ss <PACKAGE> to search for a package
  • pacman -Qi <PACKAGE> to view a package details
  • pacman -Q to list all installed packages
  • pacman -Sc to clear cached packages

zypper - openSUSE-based systems

  • zypper refresh or zypper ref to update all package list
  • zypper update or zypper up to update all packages (zypper dist-upgrade or dup for a full distribution upgrade)
  • zypper update <PACKAGE> to update a single package
  • zypper info <PACKAGE> to view package details
  • zypper install <PACKAGE> or zypper in <PACKAGE> to install a package
  • zypper remove <PACKAGE> or zypper rm <PACKAGE> to remove a package
  • zypper search <PACKAGE> or zypper se <PACKAGE> to search for a package
  • zypper patch-check to check for important patches
  • zypper al <PACKAGE> (add lock) locks a package to prevent it from being updated or removed during system updates
  • zypper rl <PACKAGE> (remove lock) removes a lock
  • zypper mr -d <REPO> (modify repository) to disable a repository; zypper mr -e <REPO> re-enables it

Source Installation

It is a method used to install software when it is not available in repositories or when it requires a custom build. Software installed this way is invisible to the package manager: it receives no security updates and cannot be removed cleanly, so keep it under /usr/local (the default prefix) and record what was installed.

Installing a software from source usually includes the following steps:

  • ./configure to check the build environment and generate the Makefile
  • make to build the software
  • make install to install the newly built software
  • make clean to remove temporary build files

GNU GPG Signatures

GNU stands for GNU's Not Unix. GPG signatures are used to verify that a software package or source archive was produced by the holder of a known key and has not been altered since.

GPG GNU Privacy Guard - is used to encrypt and sign data.

GPG usage

gpg --import <KEY FILE> to import a public key. ex: gpg --import developer_public_key.asc

gpg --verify <SIGNATURE FILE> <PACKAGE> to verify a signed package. ex: gpg --verify my_program.tar.gz.sig my_program.tar.gz

gpg --list-keys to list the public keys in the keyring

A "Good signature" only proves that the file was signed by the key you imported. Confirm that key's fingerprint (gpg --fingerprint) against a source you trust independently of the download site, otherwise an attacker who replaced the archive can just as easily replace the key next to it.
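The full cycle (developer signs, downloader imports and verifies, and the fingerprint is checked rather than trusted blindly), as an added example that is not from the original page. It uses two throw-away keyrings under a temporary directory; the name "Example Dev", dev@example.com, the archive contents and the file names are placeholders, and the key is generated without a passphrase for test use only.

```bash
#!/bin/bash
# Added example: sign a release, then verify it the way a downloader should,
# including a check that the signing key's fingerprint is the expected one.
set -e
command -v gpg >/dev/null 2>&1 || { echo "gpg is not installed" >&2; exit 0; }

WORK=$(mktemp -d)
export GNUPGHOME="$WORK/dev"          # developer keyring (holds the private key)
VERIFIER_HOME="$WORK/user"            # downloader keyring (public key only)
mkdir -p "$GNUPGHOME" "$VERIFIER_HOME"
chmod 700 "$GNUPGHOME" "$VERIFIER_HOME"
trap 'gpgconf --kill all >/dev/null 2>&1 || true; GNUPGHOME="$VERIFIER_HOME" gpgconf --kill all >/dev/null 2>&1 || true; rm -rf "$WORK"' EXIT

# Developer side: unattended key generation (no passphrase, test use only).
cat > "$WORK/params" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Name-Real: Example Dev
Name-Email: dev@example.com
Expire-Date: 0
%commit
EOF
gpg --batch --quiet --gen-key "$WORK/params" 2>/dev/null
# Machine-readable listing: the first "fpr" record is the primary key fingerprint (field 10).
DEV_FPR=$(gpg --batch --with-colons --fingerprint dev@example.com | awk -F: '$1 == "fpr" { print $10; exit }')

printf 'release contents (constructed)\n' > "$WORK/my_program.tar.gz"
gpg --batch --yes --detach-sign --output "$WORK/my_program.tar.gz.sig" "$WORK/my_program.tar.gz"
gpg --batch --armor --export dev@example.com > "$WORK/developer_public_key.asc"

# Downloader side: import the key (as on the page), then verify.
GNUPGHOME="$VERIFIER_HOME" gpg --batch --quiet --import "$WORK/developer_public_key.asc" 2>/dev/null

verify_release() {   # verify_release <sig> <file> <expected fingerprint>
    # Returns 0 only if the signature is good AND was made by the expected key.
    local sig=$1 file=$2 expected=$3 status
    # --status-fd gives machine-readable lines; VALIDSIG carries the signing key's fingerprint.
    status=$(GNUPGHOME="$VERIFIER_HOME" gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null) || return 1
    printf '%s\n' "$status" | awk -v fpr="$expected" '$2 == "VALIDSIG" && $3 == fpr { ok = 1 } END { exit ok ? 0 : 1 }'
}

# A modified copy of the archive: one appended byte is enough to break the signature.
cp "$WORK/my_program.tar.gz" "$WORK/tampered.tar.gz"
printf 'x' >> "$WORK/tampered.tar.gz"

if verify_release "$WORK/my_program.tar.gz.sig" "$WORK/my_program.tar.gz" "$DEV_FPR"; then
    echo "genuine archive: OK"
fi
if ! verify_release "$WORK/my_program.tar.gz.sig" "$WORK/tampered.tar.gz" "$DEV_FPR"; then
    echo "tampered archive: rejected"
fi
if ! verify_release "$WORK/my_program.tar.gz.sig" "$WORK/my_program.tar.gz" "0000000000000000000000000000000000000000"; then
    echo "valid signature but not the key we expected: rejected"
fi
```

The third check is the one people skip: gpg happily reports a good signature for any key in the keyring, so the script compares the VALIDSIG fingerprint with the value you obtained out of band instead of trusting whatever key came with the download.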

Linux: Processes

Basics

The kernel tags each running program with an identifier called the PID (Process ID). It also records which process, the parent, created it by storing a second number, the PPID (Parent Process ID).

Process ID - PID

The PID is used by the kernel to allocate system resources to a running command/program and to address it with signals.

ls /proc/<PID> to see the kernel's per-process files; cat /proc/<PID>/status for a readable summary (state, PPID, UIDs, memory).

kill -9 <PID> to send SIGKILL, which terminates the process immediately without letting it clean up (try a plain kill <PID>, i.e. SIGTERM, first)

renice -n 10 -p <PID> to lower process priority

strace -p <PID> to trace a process' system calls

PID 1 (systemd on most distributions) is the first user-space process started by the kernel and the ancestor of every other process; it runs until shutdown

ps, ps aux, ps -ef to view PIDs

ps -C <process-name> or pgrep <process-name> to view a specific process

Parent PID - PPID

ps -e --forest -o pid,ppid,cmd and pstree -p to view PPIDs

Sending kill <PPID> signals only that process, not its children: the children are orphaned and adopted by PID 1. To signal a parent together with all its descendants, signal the process group instead: kill -TERM -- -<PGID> (the PGID is usually the PID of the process that started the group).

Orphaned Processes

Orphaned processes are processes whose parent exited before they finished. They are adopted by PID 1 (or by the nearest subreaper process), so their PPID becomes 1, and they continue running.

Zombie Processes

Zombie processes are processes that have finished executing but are still in the process table, waiting for the parent to collect their exit status with wait(). They use no CPU or memory beyond the table entry; a growing number of zombies points at a parent that never reaps its children.

Process State

The process state identifies what a process is currently doing. A process can have one of these states:

  • R = Running: the process is running or ready to run.
  • S = Sleeping (interruptible): the process is waiting for input or for another event and can be woken by a signal
  • D = Blocked (uninterruptible): the process is waiting on the kernel, usually disk or network I/O, and ignores signals until that completes; not even kill -9 takes effect while it stays in D
  • T = Stopped: the process has been paused (Ctrl+Z or SIGSTOP) and waits for SIGCONT
  • Z = Zombie: the process has completed and is waiting for its parent to remove it from the process table
  • X = Dead: the process is being torn down (rarely visible)
  • I = Idle: an idle kernel thread
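The following script walks one process through the S and T states with signals, reads its exit status after SIGTERM, and shows orphan adoption by PID 1 as described under Parent PID. It is an added example, not from the original page; it reads /proc/<pid>/stat directly and therefore runs only on Linux, and the sleep commands it spawns are the sample workload.

```bash
#!/bin/bash
# Added example: process states, signals and orphan adoption, observed via /proc.

proc_field() {   # proc_field <pid> <n>: field n of /proc/<pid>/stat counted after the comm field
    # comm (field 2) is parenthesised and may contain spaces, so cut everything up
    # to the last ')' first; then field 1 is the state and field 2 the PPID.
    sed -E 's/^.*\) //' "/proc/$1/stat" | cut -d' ' -f"$2"
}
proc_state() { proc_field "$1" 1; }
proc_ppid()  { proc_field "$1" 2; }

signal_walkthrough() {
    # Background a long sleep; $! is its PID. Its output is dropped so that a
    # command substitution around this function is not held open by the child.
    sleep 60 >/dev/null 2>&1 &
    local pid=$! s_before s_stopped rc=0
    sleep 1                          # let it block in nanosleep
    s_before=$(proc_state "$pid")    # S: interruptible sleep
    kill -STOP "$pid"; sleep 1
    s_stopped=$(proc_state "$pid")   # T: stopped, exactly what Ctrl+Z does
    kill -CONT "$pid"; sleep 1       # back to S
    kill -TERM "$pid"                # polite termination request (signal 15)
    wait "$pid" || rc=$?             # the shell reports 128 + signal number
    echo "$s_before $s_stopped $rc"
}

orphan_walkthrough() {
    # An intermediate shell starts a child and exits at once; the child outlives
    # it and is adopted by PID 1 (or the nearest subreaper). Prints the new PPID.
    local child adopter
    child=$(sh -c 'sleep 60 >/dev/null 2>&1 & echo $!')
    sleep 1
    adopter=$(proc_ppid "$child")
    kill -TERM "$child" 2>/dev/null || true
    echo "$adopter"
}

echo "states (sleeping, stopped) and exit status: $(signal_walkthrough)"   # S T 143
echo "orphan adopted by PID: $(orphan_walkthrough)"
```

The exit status 143 is how a supervising script tells "killed by SIGTERM" apart from a normal exit; a zombie would appear here as state Z only if the parent never called wait, which bash does automatically, so none is produced.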

Process Priority

nice

The nice command sets the niceness of a process, how "politely" it competes for CPU time. The value ranges from -20 (highest priority) to 19 (lowest priority). The default is 0.

nice [-n VALUE] <command> [arguments] to set the priority of a process.

ps -eo pid,ni,cmd to view the nice value.

renice

renice is used to change the nice value of a running process. Unprivileged users can only raise the nice value of their own processes (lower their priority); only root can set negative values or lower a value again.

The generic syntax is renice [-n VALUE] {-p PID | -g PGID | -u user}

renice -n -5 -p 10234 to change the nice value to -5 for the process with PID 10234.

Process Monitoring Tools

ps - process status

Gives a quick look at what is running on your machine. ps -ef (System V style) and ps aux (BSD style) both list every process with detailed attributes; aux adds the %CPU and %MEM columns.

ps -e list every process on the system

ps -a lists processes attached to a terminal, including other users'

ps -eo [COLUMNS] to customize which column to show

ps -C <command> to list processes with a specific name. ex: ps -C tar

ps -p <PID> to view a process information

Column  Description
PID     Process ID
PPID    Parent Process ID
USER    Owner of the process
CMD     Command used to start the process
%CPU    CPU usage
%MEM    Memory usage
VSZ     Virtual memory size (in KiB)
RSS     Resident Set Size (physical memory in KiB)
STAT    Process state (R, S, Z, etc.) + modifiers
TTY     Terminal associated with the process
TIME    Cumulative CPU time used

top

top provides a live updates of the process table.

SHIFT + P to sort the processes by CPU usage

SHIFT + M to sort the processes by memory usage

top -d [REFRESH INTERVAL] to set the refresh frequency in seconds. ex: top -d 1 to refresh the list every second.

htop

Enhanced top.

atop

atop records and stores metrics for later reviews.

Performance Metrics

mpstat tells how busy each CPU core is. It is part of the sysstat package, a collection of utilities that collect, report, and log essential system performance metrics.

  • -P cpu targets a single core
  • -P ALL targets every core

ex: mpstat 3 10 prints CPU stats every 3 seconds, 10 times in a row. mpstat -P ALL 2 10 does the same for every core, every 2 seconds.

pidstat reports CPU, memory, and I/O usage. pidstat is also part of sysstat package.

ex: pidstat 2 shows per process CPU usage updated every 2 seconds.

  • -u shows CPU usage
  • -r shows memory usage
  • -d shows i/o usage
  • -p <PID> show stats for a specific process

ex: pidstat -u -r -d -p 2345 2 10 shows CPU, memory, i/o activity of process 2345 every 2 seconds for 10 times

Job Control Commands

  • Ctrl + Z suspends the active process and returns to the shell prompt without terminating the job.
  • jobs lets you see what jobs you have running in the shell
  • bg resumes a suspended job in the background. bg %1 resumes job 1 in the background
  • fg brings a job to the foreground. fg %1 brings job 1 to the foreground
  • disown %1 removes job 1 from the shell's job table; the job keeps running even after the shell exits
  • kill sends a signal to a job or process to terminate. ex: kill %1 to terminate job 1 or kill 2345 to terminate a job with PID 2345
  • & runs a command in the background from the start. ex mpstat 2 &
  • nohup (no hang up). it is like disown but prevents the job from receiving hang up signal from the start. ex: nohup long_job.sh & to start a job, free the terminal for other commands, and continue the job even if the terminal closes.

Job Scheduling

  • crontab helps run tasks repeatedly at regular intervals, such as every day, week, month... Use crontab -e to edit your crontab; a line such as 0 23 * * * /path/to/my_script.sh runs my_script.sh every day at 11:00 PM (fields: minute, hour, day of month, month, day of week). Use crontab -l to view scheduled jobs. Use absolute paths, since cron runs with a minimal PATH and environment.
  • at helps schedule one-time tasks that run at a specific date and time in the future. ex: at 11:30 AM tomorrow prompts for the commands to run tomorrow at 11:30 AM (finish with Ctrl+D); atq lists pending jobs.
  • anacron ensures scheduled tasks still run even if the computer was turned off when they were originally scheduled to execute.

Linux: Device Management

Kernel Module Management

Kernel modules extend the running kernel with drivers and features without a reboot. Linux allows adding and removing kernel modules; doing so requires root, and on systems with Secure Boot or kernel lockdown only modules signed by a trusted key are accepted.

insmod is used to manually install module into the kernel.

modprobe is used to install module with their dependencies.

rmmod is used to remove a module.

insmod

insmod requires the full path of the .ko file. It does not resolve dependencies, so the user must make sure that all dependencies are already loaded before using insmod to install a module. Ex: insmod /lib/modules/$(uname -r)/extra/custom_module.ko installs custom_module.ko, located in the /lib/modules/$(uname -r)/extra/ directory, into the kernel. $(uname -r) expands to the running kernel version. insmod is only recommended for specific situations since it does not resolve dependencies.

modprobe

modprobe manages kernel modules and automatically handle dependency resolution. It requires only the module name unlike insmod which requires the full path of the module.

Use modprobe <module_name> to load a module in the kernel.

modprobe support multiple options.

  • -a allows loading multiple modules at once
  • -r removes a module and its dependencies
  • -f to force-load a module
  • -n to perform a dry run that prints what would be done without loading anything
  • -v to enable verbose mode

rmmod

Allows the removal of kernel modules. It does not check for dependencies. So, if a module is a dependency, rmmod will still remove it without warning. It must be used only if necessary. modprobe -r is convenient for safely removing modules.

lsmod

lsmod is used to view loaded modules.

modinfo

modinfo is used to view module information. Ex: modinfo mymod.ko

depmod

depmod scans all available kernel modules and generates a dependency map that modprobe uses to load them in the right order. It analyzes the directory /lib/modules/$(uname -r)/ to build the list of module dependencies. Running depmod updates the modules.dep file there, which lists every module with the modules it depends on.

To find which modules reference mymod, for example, use grep mymod /lib/modules/$(uname -r)/modules.dep

Hardware Information

dmidecode provides information about the hardware from the DMI table (Desktop Management Interface table). It provides details about the BIOS, motherboard, CPU, Memory. dmidecode -t [TYPE] for specific information. Option TYPE could be system, processor, bios, memory, baseboard, chassis, cache, slot.

lscpu provides details about the CPU. Use lscpu -e for details of each core of the cpu

lsmem provides details about the system memory allocation

lspci list PCI-connected devices. PCI=Peripheral Component Interconnect.

lsusb list USB connected devices

lshw List hardware component information. Use lshw -short to get a summary of the report. lshw provide information included in lspci and lsusb.

System Monitoring and Diagnosis Commands

dmesg displays the kernel ring buffer: system messages, hardware logs, and boot messages. Use dmesg -TH --level=err --follow to follow kernel error messages with human-readable timestamps. It is useful for troubleshooting boot issues and hardware crashes. On hardened systems (kernel.dmesg_restrict=1) reading it requires root.

lm_sensors is a package used for hardware monitoring such as CPU temperature, fan speed, voltage level, and more. It provides the sensors command for reading the sensors; watch sensors refreshes the readings continuously.

ipmitool is a tool for IPMI. IPMI=Intelligent Platform Management Interface.

initrd Management

mkinitrd is a tool used in RPM distro to manually create the initial RAM disk. Use mkinitrd [options] <initrd image> <kernel version>. Ex: mkinitrd -f /boot/initrd-$(uname -r).img $(uname -r) to force the creation of a new initrd

dracut is modern and more flexible alternative to mkinitrd. It automates the creation of initramfs images and provides better dependency management. Ex: dracut -f /boot/initramfs-$(uname -r).img $(uname -r) to force the creation of a new initramfs.

Linux: Directories, Files, and File Contents

Basics

Text editors:

  • vi
  • Vim: an improved version of vi (Vi IMproved). It has a normal (command) mode and an insert mode.

The i key enables the insert mode.

ESC to exit the insert mode.

: to enter execute mode

:q to quit Vim

:wq to save and quit

:q! to quit without saving

/ to search for text

dd to delete a line

You don't have to be in insert mode to cut and paste texts.

  • Emacs
  • gVim: a graphical version of Vim
  • gedit: GUI based editor used in the GNOME desktop environment
  • GNU nano: a simple text editor.

CTRL+k to delete an entire line

CTRL+O to save file

CTRL+x to close a file

Searching for Files

file

A very simple tool for identifying a file's type. It inspects the content (magic bytes), not the file name, so a shell script renamed to photo.jpg is still reported as a script.

file backup1

stat

stat provides detailed information about a file or directory: size, permissions, owner, inode, link count, and the access/modify/change timestamps.

stat myfile

locate

locate performs a quick search for any specified file names and paths stored in the mlocate database. To use this command type locate [options] <string>. The following options are supported:

  • -r search for file names using regular expressions
  • -c display only the number of matching entries found
  • -e return only files that exist at the time of the search
  • -i ignore case in the names or paths
  • -l <number of entries> return only the first matches, up to the specified number

locate backup to locate anything that contains backup in the name

locate -i backup to make a case insensitive search

locate -ic backup to return only the number of entries found

updatedb (run as root, usually daily from cron or a systemd timer) builds the /var/lib/mlocate/mlocate.db database according to /etc/updatedb.conf. PRUNEPATHS lists directories that must not be indexed (ex: PRUNEPATHS="/tmp /var/tmp") and PRUNEFS lists file system types to skip. locate is fast because it reads the database rather than the disk, but its results can be stale, and it shows only what the last run recorded.

find

find is also used to search specific location for files and directories that adhere to search criteria. The command looks like find [options] <search locations> <search criteria> [actions]. Ex: find /home/user -type f -name myfile.txt to search in /home/user files with names matching myfile.txt. find command performs live search of the file system and in a specific location.

find / -type d -name 'log' to search from the root directory any directory that has log in its name.

find / -type f -name 'messages' to look for files named messages anywhere below the root directory.

find /var/log -type f -size +100k to search for files in /var/log larger than 100 KiB.

find /var/log -type f -mmin -45 to look for files modified within the last 45 minutes (+45 would select files not modified for more than 45 minutes)

find /var/log -type f -size 0 -or -size +100k -and -mmin -45 is meant to locate files with size 0 or greater than 100k that were updated within the last 45 minutes, but -and binds tighter than -or, so find reads it as "size 0" OR ("larger than 100k" AND "modified in the last 45 minutes"). Group the alternatives with escaped parentheses to get the intended meaning: find /var/log -type f \( -size 0 -or -size +100k \) -mmin -45
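To make the precedence point concrete, this added example (not from the original page) builds a small scratch tree and counts what each form of the command matches; it also adds the permission predicate an auditor reaches for. Every path and file here is constructed inside a temporary directory, and GNU find, touch and head are assumed.

```bash
#!/bin/bash
# Added example: find predicates, -or grouping, and a world-writable file check.
set -e
ROOT=$(mktemp -d)
trap 'rm -rf "$ROOT"' EXIT
mkdir -p "$ROOT/var/log" "$ROOT/etc"
: > "$ROOT/var/log/empty_old.log"                        # size 0 ...
touch -d '2 hours ago' "$ROOT/var/log/empty_old.log"     # ... and old (GNU touch)
head -c 200000 /dev/zero > "$ROOT/var/log/big.log"       # ~195 KiB, just written
printf 'x\n' > "$ROOT/var/log/small.log"                 # 1 byte, just written
printf 'db_password=secret\n' > "$ROOT/etc/app.conf"     # constructed config file
chmod 666 "$ROOT/etc/app.conf"                            # world-writable: anyone can edit it

count_matches() { find "$@" | wc -l | tr -d ' '; }

# As written on the page: -and binds tighter than -or, so this reads as
#   (size 0)  OR  (larger than 100k AND modified in the last 45 min)
# and the old empty file is matched even though it is hours old.
unparenthesized() {
    count_matches "$ROOT/var/log" -type f -size 0 -or -size +100k -and -mmin -45
}

# Grouped with \( \): (size 0 OR larger than 100k) AND modified in the last 45 min
parenthesized() {
    count_matches "$ROOT/var/log" -type f \( -size 0 -or -size +100k \) -mmin -45
}

# Files anybody can write: -perm -0002 tests that the "other write" bit is set.
# Run against /etc or / this is a standard hardening check.
world_writable() { find "$ROOT" -type f -perm -0002; }

echo "without parentheses: $(unparenthesized) file(s)"   # 2
echo "with parentheses:    $(parenthesized) file(s)"     # 1
echo "world-writable:      $(world_writable)"
```

Two matches versus one is the whole difference between "what I typed" and "what I meant"; the same grouping rule applies to -not and to any -exec you attach, which otherwise only runs for the last branch of the -or.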

which

which displays the complete path of a specified command by searching the directories assigned to the PATH variable. ex: which ssh

whereis

whereis locates the binary, source, and manual page files of a command. ex: whereis ls. The syntax is whereis [options] <name>

Viewing and Searching for content

head to see the beginning of a file. By default it displays the first 10 lines of a file. head [options] <filename>. Use -n to specify the number of lines to be shown. Ex: head -n 50 /etc/apache2/httpd.conf

tail to see the end of a file. it is useful for monitoring log files. It also displays the last 10 lines of a file. tail [options] <filename>. ex: tail -n 20 /var/log/boot.log. -f allows following changes made to the file.

more to view large files by page. more [options] <filename>. It is often used with a pipe operator to view output of another command. Ex: cat /var/log/syslog | more

less to view large files by page. It is an enhancement of the more command with advanced navigation (search with /, jump to the end with G, follow a growing file with F). less [options] <filename>. ex: cat /var/log/syslog | less

awk (Aho, Weinberger, and Kernighan) is a language for pattern matching in structured data.

grep (Global Regular Expression Print) is used to search contents for lines that match a given pattern. grep is case sensitive unless -i is given. ex: grep -i 'failed password' /var/log/auth.log

cut is used to extract specific sections of a file. It is efficient for column based data.

Counting and Sorting data

wc (word count) counts lines, words, and characters in a text. wc /var/log/error.log

sort sorts data in logical order. sort [options] file. Ex: sort -n prices.txt to sort numerically; -h understands human-readable sizes such as 2K and 1G (as printed by du -h or ls -lh), and -r reverses the order.

uniq filters out duplicate lines, but only adjacent ones, so the input must be sorted first. uniq -c prefixes each line with its count. It is usually combined with sort and | to provide a powerful functionality. ex: sort /var/log/auth.log | uniq -c. Or simply uniq input.txt for input that is already grouped.

xargs (extended arguments) constructs and executes command lines from standard input. ex: echo file1.txt | xargs cat. File names containing spaces or newlines break the default whitespace splitting; pair find -print0 with xargs -0 so names are passed intact.
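The tools above earn their keep when chained. This added example (not from the original page) runs a small brute-force check over a few sshd log lines: grep selects the events, awk pulls out the source address, sort | uniq -c | sort -rn ranks them, and cut trims the final report. The log lines are constructed for the example (hosts, addresses and times are made up); the thresholds are assumptions.

```bash
#!/bin/bash
# Added example: failed-login detection with grep, awk, cut, sort and uniq.
set -e
AUTH_LOG=$(mktemp)
trap 'rm -f "$AUTH_LOG"' EXIT
# Constructed sample in syslog format (not real data).
cat > "$AUTH_LOG" <<'EOF'
Mar 10 02:14:01 host1 sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Mar 10 02:14:03 host1 sshd[2203]: Failed password for invalid user admin from 198.51.100.23 port 51030 ssh2
Mar 10 02:14:05 host1 sshd[2205]: Failed password for root from 198.51.100.23 port 51041 ssh2
Mar 10 02:14:06 host1 sshd[2207]: Failed password for root from 198.51.100.23 port 51044 ssh2
Mar 10 02:15:10 host1 sshd[2210]: Accepted publickey for alice from 203.0.113.7 port 40100 ssh2: ED25519 SHA256:abc
Mar 10 02:16:42 host1 sshd[2215]: Failed password for bob from 203.0.113.9 port 40211 ssh2
Mar 10 02:17:00 host1 CRON[2220]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 02:18:31 host1 sshd[2230]: Accepted password for root from 198.51.100.23 port 51090 ssh2
EOF

failed_by_source() {   # failed_by_source <log>: failed password attempts per source IP, most first
    # "invalid user" lines have one extra word, so locate the address by the
    # word "from" instead of a fixed column; awk splits on any run of spaces.
    grep 'sshd\[' "$1" | grep 'Failed password' \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' \
        | sort | uniq -c | sort -rn
}

brute_force_sources() {   # brute_force_sources <log> [min]: IPs with at least min failures (default 3)
    failed_by_source "$1" | awk -v min="${2:-3}" '$1 >= min { print $2 }'
}

root_logins_after_failures() {   # successful root password logins from IPs that were brute-forcing
    # cut counts single spaces, so this relies on the two-digit day in the
    # sample; syslog pads single-digit days with a second space, where awk is safer.
    local log=$1 ip
    for ip in $(brute_force_sources "$log"); do
        grep -F "Accepted password for root from $ip " "$log" | cut -d' ' -f1-3,11
    done
}

echo "failures per source:"; failed_by_source "$AUTH_LOG"
echo "brute-force sources: $(brute_force_sources "$AUTH_LOG")"           # 198.51.100.23
echo "root logins after failures: $(root_logins_after_failures "$AUTH_LOG")"   # Mar 10 02:18:31 198.51.100.23
```

The last function is the finding worth paging someone for: a password login for root from an address that had just failed four times. The same pipeline, with journalctl -u ssh piped in instead of the file, works on a live host.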

Comparing files

diff

diff shows the differences between two files line by line. diff [options] file1 file2

  • -b ignores changes in the amount of whitespace
  • -w ignores all whitespace differences
  • -i makes the comparison case-insensitive
  • -t expands tabs to spaces in the output
  • -c, -u show context or unified output, the formats patch and code review tools expect

ex: diff -i -u config_old.conf config_new.conf

sdiff

sdiff displays the differences side by side. sdiff [options] file1 file2

ex: sdiff old.txt new.txt

lsof List Open File

lsof show which files are currently open and which processes are using them. lsof [options] [target]

ex: lsof /var/log/syslog

A hard link is an additional directory entry for the same inode; the data survives until the last link is removed. Hard links cannot cross file systems and cannot point to directories.

A symbolic link is a small file containing a path, like a shortcut to a file. It can cross file systems and can dangle if the target is removed or renamed.

Use the ln command to create hard and symbolic links. ln [options] <target> <link name>

ln original.conf hardlink.conf to create a hardlink

ln -s original.conf softlink.conf to create a soft or symbolic link
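The two kinds of link look alike in ls but behave differently once the original goes away. This added example (not from the original page) creates both against a constructed file and checks the difference through inode numbers and link counts; GNU stat is assumed.

```bash
#!/bin/bash
# Added example: hard link vs symbolic link, before and after removing the original.
set -e
DIR=$(mktemp -d)
trap 'rm -rf "$DIR"' EXIT
cd "$DIR"
printf 'original content\n' > original.conf
ln original.conf hardlink.conf          # a second name for the same inode
ln -s original.conf softlink.conf       # a file whose content is the path "original.conf"

inode_of() { stat -c %i "$1"; }         # stat reports the link itself unless -L is given
links_of() { stat -c %h "$1"; }         # hard-link count stored in the inode
same_inode() { [ "$(inode_of "$1")" = "$(inode_of "$2")" ]; }

HARD_SHARES_INODE=$(same_inode original.conf hardlink.conf && echo yes || echo no)   # yes
SOFT_SHARES_INODE=$(same_inode original.conf softlink.conf && echo yes || echo no)   # no
LINKS_BEFORE=$(links_of original.conf)                                                # 2

after_unlink() {   # remove the original and report which names still resolve
    rm original.conf
    local h s
    if cat hardlink.conf >/dev/null 2>&1; then h=ok; else h=broken; fi
    if cat softlink.conf >/dev/null 2>&1; then s=ok; else s=dangling; fi
    echo "$h $s"
}
AFTER=$(after_unlink)                   # "ok dangling": the data lives on under hardlink.conf

echo "hard link shares inode: $HARD_SHARES_INODE, symlink shares inode: $SOFT_SHARES_INODE"
echo "link count before unlink: $LINKS_BEFORE, after: $(links_of hardlink.conf)"   # 2, then 1
echo "after removing original.conf: $AFTER"
```

Two practical consequences: deleting a file does not destroy its data while another hard link exists (relevant for both backups and secure deletion), and a privileged program that writes to a path in a world-writable directory can be redirected by a symlink planted there; the fs.protected_symlinks sysctl, on by default in current distributions, blocks the common cases in sticky directories such as /tmp.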

/dev directory

/dev holds device nodes, special files that represent the system's hardware and virtual devices.

Block Devices

Represents hardware devices that handles data in fixed-sized blocks such as hard drives, SSDs, and USB flash drives.

Character Devices

Represents devices that handle data continuously one character at at time such as serial ports, keyboards, and terminals

Special Character Devices

Help the system with tasks: /dev/null, /dev/zero, and /dev/urandom

Linux: Storage

Basics

Let's learn how to work with Linux storage and partitions. Storage devices are referred to as block or character devices in Linux. Block devices read and write blocks of data (HDDs, SSDs). Character devices read and write streams of data (keyboards, mice, serial ports).

File system

A file system is a data structure used by the operating system to store, retrieve, and manage files and directories. It also maintains the metadata of the files and directories.

Linux supports different file systems:

  • FAT: File Allocation Table. Compatible with many operating systems
  • ext2: A Linux native file system
  • ext3: ext2 plus journaling, which makes recovery after a crash faster and safer
  • ext4: Supports volumes of up to 1 exabyte and a file size of up to 16 terabytes
  • BTRFS: Supports volumes of up to 16 exbibytes and about 18 quintillion (2^64) files per volume, with snapshots and checksums built in
  • XFS: A 64-bit efficient and high performance journaling file system.

Other file systems are network protocols rather than on-disk formats:

  • SMB: Server Message Block, allows sharing files over a network (the protocol used by Windows shares and Samba)
  • CIFS: Common Internet File System, an older dialect of SMB
  • NFS: Network File System

VFS (Virtual File System) is not a protocol: it is the kernel layer that presents every mounted file system, local or network, through one common interface.

NFS and SMB are not compatible with each other.

Index Node (Inode)

The inode stores metadata about a file or directory on a file system (owner, permissions, timestamps, size, and the location of the data blocks). It does not include the file name or contents. Each file requires one inode. Use the command stat <filename> to view a file's inode. Directories also require inodes. We can run out of inodes before we run out of disk space; when that happens we can no longer create files on the disk. Inode exhaustion occurs when we have lots of small files.

df -i to view inode usage on Linux.

ls -i to show the inode number of each file in a directory.

It is important to monitor inode usage.

Partitions

A partition is a section of the drive that acts as a separate drive. It allows dividing a drive into smaller and more manageable chunks.

There 3 types of partitions we can use:

  1. Primary partitions. Each contains one file system or logical drive, also called a volume (MBR allows at most four primary partitions per disk). The swap file system and the boot partition are usually created as primary partitions. The swap file system is used as memory when the system runs out of RAM.
  2. Extended partitions. An extended partition is a container for multiple logical drives. It holds no data itself and has its own partition table.
  3. Logical partitions. They are created inside an extended partition, allocated as independent units, and function as separate drives.

fdisk is used to create, modify, and delete partitions on a drive. It supports multiple options. It is classically associated with MBR disks; current versions also handle GPT.

gdisk supports GPT partition tables.

parted is used to create, delete, and resize partitions and runs the GNU Parted utility. It is an interactive tool just like fdisk but more modern. It supports large disks and GPT partition tables. It also allows the resizing of partitions without loss of data.

growpart is a tool used for extending partitions in cloud environment and virtual machines without destroying the data. The generic syntax is growpart <device> <partition number>. ex: growpart /dev/sdb 1 to expand partition 1 on /dev/sdb then resize2fs /dev/sdb1. growpart is part of the cloud-guest-utils (for Debian) and cloud-utils-growpart (for RHEL) package that may need to be installed separately. growpart does not create or delete partitions.

partprobe is used to update the kernel with changes that now exists within the partition table.

mkfs is used to build a Linux file system on a device, which is usually a drive partition. mkfs [options] <device> to run. The other way to use mkfs is mkfs <file system type> [options] <device name>.

/etc/fstab stores information about storage devices and partitions and where and how they should be mounted.

The /etc/crypttab file store information about encrypted devices and partitions that must be unlocked and mounted on system boot.

The process of setting up a storage device on a Linux system includes:

  1. Creating partitions using tools like fdisk or parted

fdisk /dev/sdb to enter the menu. n to create a new partition. Provide the first sector (can be left to the default value) and the last sector to delimit the size of the partition; for example +4096M adds 4 GiB of space from the first sector. p to print the partition table, w to write the changes, q to quit the menu without saving the changes.

Once the partition is create, use partprobe /dev/sdb to inform the kernel of the changes in the partition table.

parted /dev/sdb to enter the menu of GNU parted tool. print to see the partitions in the disk. mkpart to create a new partition. Type primary to select primary as type of partition.

example:

parted /dev/sdb to enter into the menu

mkpart to make a partition. Can also use mkpart PARTITION-TYPE [FS-TYPE] START END to create the partition in one go. ex: mkpart primary ext3 2048M 4096M or mkpart primary ext3 0% 30%

Partition type? primary/extended? primary to specify the type of partition

File system type? [ext2]? ext4 to specify the type of file system (ext2, ext3, ext4, xfs, ...)

Start? 2048M to set the start of the partition

End? 4298M to set the end of the partition

print to views partitions information

help to view parted commands details

quit to quit parted

Selecting the file system type does not format the partition in the select file system type but let the partition know that it will be formatted with the selected file system.

  2. Formatting the partitions with a file system using tools like mkfs

mkfs.xfs /dev/sdb1 to create a xfs file system on sdb1 partition. You might have to use the -f flag to force the formatting of the partition.

  3. Labeling the partition

For xfs partitions, use:

xfs_admin -l /dev/sdb1 to print out the label.

xfs_admin -L LABEL /dev/sdb1 to label the partition. ex: xfs_admin -L SystemBackup /dev/sdb1 to label the partition sdb1 SystemBackup.

For ext file system we use a different command:

e2label /dev/sdb2 to print out the current label

e2label /dev/sdb2 LABEL to add a label to the partition. ex: e2label /dev/sdb2 DataBackup

  4. Adding the formatted partition to the /etc/fstab file so the system mounts it at boot time. Identify the partition by UUID=<uuid> (from blkid /dev/sdb1 or lsblk -f) or LABEL=<label> rather than /dev/sdb1, since device names can change between boots, and add nosuid,nodev (and noexec where nothing needs to run from it) for data partitions so a planted setuid binary or device node on them is ignored. Check the entry with findmnt --verify and mount -a before rebooting.
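An fstab line for the backup partition labeled in step 3, as an added example that is not from the original page; the UUID is a placeholder to be replaced with the value blkid prints for /dev/sdb1, and /mnt/backup is an assumed mount point.

```text
# /etc/fstab
# <file system>                             <mount point>  <type>  <options>                      <dump>  <pass>
UUID=1b2c3d4e-0000-4000-8000-0123456789ab   /mnt/backup    xfs     defaults,nosuid,nodev,noexec   0       2
```

The last two fields mean "not backed up by dump" and "checked by fsck after the root file system"; nofail can be added to the options for a removable disk so its absence does not stop the boot.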

/dev is a directory that contains the device nodes for all devices.

/dev/null, /dev/zero, and /dev/urandom are special character storage devices used in the linux systems.

/dev/null (the Black Hole) is a special virtual device that discards anything that is redirected to it.

/dev/zero (the Zero Generator) is also a special virtual device that returns NUL bytes (0x00) for as long as you read from it.

/dev/urandom (the Pseudorandom Source) is also a special virtual device that returns an endless stream of pseudorandom bytes from the kernel's CSPRNG, suitable for generating keys and tokens.

Expanding a partition

lsblk to see all available disks and partitions

fdisk /dev/sdb to enter the fdisk menu and create a new partition using the n command

parted /dev/sdb to enter the parted menu and resize the partition we just created: run resizepart 1 5GB, then quit

Logical Volumes

Partitions are not the only way to divide storage devices logically.

In Linux, Device Mapper creates a virtual device and passes data from that virtual device to one or more physical devices. DM-Multipath provides redundancy and improved performance for block storage devices reachable over several paths. mdadm is used to create and manage software-defined RAID arrays in Linux. In RAID arrays, data is stored across multiple storage devices, and those devices are presented as a single storage device. Using a RAID array is an alternative to using Device Mapper and DM-Multipath. The mdadm tool allows creating, modifying, and managing RAID arrays.

RAID: Redundant Array of Independent (or Inexpensive) Disks. The common levels are RAID 0, RAID 1, RAID 5, RAID 6, and RAID 10.

  • Striping spreads data across multiple smaller physical disks so they act as a single larger disk. ex: combining 2x2 TB disks to form a 4 TB logical disk.

  • Mirroring combines two physical hard drives into a single logical volume where an identical copy of everything is put on both drives. If one disk fails, the data can be entirely recovered in the second drive because it contains a full copy of the data.

  • Parity is used in RAID arrays for fault tolerance: a checksum (XOR) of the data blocks on the other drives is stored on a separate drive, so the contents of any one failed drive can be recomputed.

RAID 0 (Striping) is great for speed but provides no data redundancy. If one disk fails, the data cannot be recovered. There is no loss of space.

RAID 1 (Mirroring): each disk contains a full copy of the data. Half of the raw capacity is lost in RAID 1.

RAID 5 (Striping with Parity). You must have at least 3 disks to configure a RAID 5. It is more efficient than RAID 1 in terms of space, since only one disk's worth of capacity goes to parity. It is the most popular type of RAID in server environments.

RAID 6 (Striping with Dual Parity) stores two independent parity blocks per stripe and needs at least 4 disks. We can lose up to 2 drives in RAID 6 compared to only one disk in RAID 5.

RAID 10 (Striping + Mirroring). It consists of mirrored pairs (RAID 1) combined in a stripe (RAID 0). RAID 10 requires a minimum of 4 drives. There is a 50% loss of disk space when creating a RAID 10.

/proc/mdstat file is used to get information about the RAID in a Linux system. Use cat /proc/mdstat to read RAID configuration on the system.

mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sd[b-c] to create a software RAID in Linux.

Logical Volume Manager (LVM)

LVM maps whole physical devices and partitions into one or more virtual containers called volume groups. The volume groups are going to become the storage devices the system, users, and applications are going to interact with. With the LVM we can dynamically create, delete, and resize volumes without having to reboot the system. We can also map multiple logical volumes across multiple physical devices. And we can create virtual snapshots of each logical volumes.

/dev/mapper contains all logical volumes in a system that are managed by the LVM. Devices in the /dev/mapper directory are named /dev/mapper/<volume group name>-<logical volume name>

The Logical Volume Manager provides logical volume management tools based on three layers:

  1. Physical volume tools:

LVM physical volumes are raw physical drives or partitions used by LVM.

pvscan scans for all physical devices being used as physical volumes

pvcreate initializes a drive or partition to use as a physical volume

pvdisplay lists attributes of physical volumes

pvchange changes attributes of a physical volume

pvmove moves data from one physical volume to another without loss of data. Useful when we want to migrate data from one disk to another. Syntax: pvmove [options] <source pv> [destination pv]. Ex: pvmove /dev/sdb1 /dev/sdc1 moves data from /dev/sdb1 to /dev/sdc1. The --background flag runs the command in the background; --abort cancels a running move.

pvs displays information about physical volumes

pvck checks the metadata of a physical volume

pvremove removes physical volumes. The command will fail if the pv is part of any volume group.

pvresize makes LVM recognize the increased size of a physical volume. ex: pvresize /dev/sdb

  2. Volume group tools:

A volume group is a pool of storage created from one or more LVM physical volumes.

vgscan scans all physical devices for volume groups

vgcreate creates volume groups

vgdisplay lists attributes of volume groups

vgchange changes attributes of volume groups

vgs displays information about volume groups

vgck checks the metadata of volume groups

vgrename renames a volume group

vgreduce removes physical volumes from a group to reduce its size

vgextend adds physical volumes to volume groups

vgmerge merges two volume groups

vgsplit splits a volume group into two

vgremove removes volume groups

  3. Logical volume tools:

A logical volume is a partition created from a volume group that will act as a storage device in the system.

lvscan scans all physical devices for logical volumes

lvcreate creates logical volumes in a volume group

lvdisplay displays attributes of logical volumes

lvchange changes attributes of the logical volumes

lvs displays information about logical volumes

lvrename renames a logical volume

lvreduce reduces the size of a logical volume

lvextend extends the size of the logical volume

lvresize resizes logical volumes

lvremove removes logical volumes

Managing Logical Volumes

ls /dev/mapper to see logical volumes

pvcreate /dev/sdb1 /dev/sdb2 to create physical volumes

vgcreate backups /dev/sdb1 /dev/sdb2 to create a volume group

lvcreate --name sysbk --size 4G backups

lvcreate --name appbk --size 2G backups

lvcreate --name logbk --size 0.5G backups

(lvcreate takes a single-letter size unit such as M or G, the same form the -L1G examples below use.)

lvscan and lvdisplay will show the 3 newly created logical volumes sysbk, appbk, and logbk in the backups volume group.

So we created a volume group (backups) that groups 2 physical volumes (sdb1 and sdb2). Then we created 3 logical volumes (sysbk, appbk, and logbk) in the volume group.

Let's extend logbk to 1GB:

lvextend -L1G /dev/backups/logbk

Let's reduce appbk to 1GB:

lvreduce -L1G /dev/backups/appbk

Let's create file systems in the volumes we just created:

mkfs.xfs /dev/backups/sysbk

mkfs.ext4 /dev/backups/appbk

mkfs.ext4 /dev/backups/logbk

Mounting/Unmounting File Systems

File systems have to be mounted before the OS can read or write them.

A Mount Point is an access point, typically an empty directory, where a file system is loaded or mounted to make it accessible to users.

The mount command is used to load a file system at a specified directory to make it accessible to users and applications.

mount [options] <device name> <mount point> to mount a file system. ex: mount /dev/sdb1 /home to mount sdb1 to the home directory.

Mount options:

auto device must be mounted automatically

noauto device should not be mounted automatically

nouser only the root user can mount a device or a file system

user all users can mount a device or file system

exec allow binaries in a file system to be executed

noexec prevent binaries in a file system from being executed

ro mount a file system as read-only

rw mount a file system with read write permissions

sync input and output operations should be done synchronously

async input and output operations should be done asynchronously

remount allows changing a file system's options without having to unmount it first, for example changing from rw to ro. Ex: mount -o remount,ro /mnt/data to remount /mnt/data in ro mode.

noatime prevents the application of a timestamp to record file reads. This can improve performance as it reduces disk writes.

nodiratime stops updates for directory access times

flush ensures that all metadata is written on disk

Unmounting a File System

We can use the umount command to unmount a file system. The file system must not be in use when being unmounted.

Use umount [options] <mount point> to unmount a file system.

fstab (File System Table) contains the list of file systems to be mounted, their mount points, and any options that might be needed for specific file systems. We can also use systemd.mount to create a new mount unit to mount a file system.

Filesystem in Userspace (FUSE) lets non-privileged users create their own file systems without editing the underlying kernel code.

Let's mount our logical volumes now:

mkdir -p /backups/sys /backups/app /backups/log to create necessary directories

mount /dev/backups/sysbk /backups/sys

mount /dev/backups/appbk /backups/app

mount /dev/backups/logbk /backups/log

mount will show the associations of volumes and mount points.

umount /backups/log will unmount the volume mounted at /backups/log

Mounting Volumes at Boot

Let's make sure that volumes are mounted at boot time. For that we need to manipulate the fstab configuration file.

nano /etc/fstab to start editing the configuration file.

Add all volumes to be mounted at boot time at the end of the file. Ex:

/dev/backups/sysbk /backups/sys xfs defaults 0 0

/dev/backups/appbk /backups/app ext4 defaults 0 0

/dev/backups/logbk /backups/log ext4 defaults 0 0

(Each fstab entry has six fields: device, mount point, file system type, mount options, dump flag, and fsck pass number.)

Then use mount -a to test the fstab configurations to make sure that all volumes listed can be mounted at boot time.

Managing File Systems

There are a lots of tools and configurations that can be used to manage Linux file systems. For example:

/etc/mtab file reports the status of currently mounted file systems. It looks like /proc/mounts, but /proc/mounts is more accurate and includes more up-to-date information on file systems.

/proc/partitions file contains information about each partition attached to the file system.

lsblk displays information about block storage devices currently available on the system.

lsblk [options] [device name] has multiple options:

  • -a list empty devices

  • -r list devices excluding provided output devices

  • -f display additional information

  • -l display results in list format

  • -m display device permission information

blkid prints each block device in a flat format and includes some additional information.

The following are common tools used for managing ext type file systems:

e2fsck used to check for file system issues

resize2fs used to resize ext2, ext3, and ext4 file systems

tune2fs used to adjust various tunable parameters of the ext2/ext3 file systems. It can also be used to add a journal to an existing ext2 or ext3 file system.

dumpe2fs prints the superblock and block group information of the selected device.

Use fsck command to check the correctness and validity of a file system.

A file system superblock contains metadata about the file system, including its size, type, and status. If it becomes corrupted, we must use a tool like fsck to repair it.

The following are tools used to manage xfs file systems:

xfs_info display details about the XFS file system

xfs_admin change the parameters of an XFS file system

xfs_metadump copy the superblock metadata of the XFS file system to a file

xfs_growfs expand the XFS file system to fill the drive size

xfs_copy copy the contents of the XFS file system to another location

xfs_repair repair and recover a corrupt XFS file system

xfs_db debug the XFS file system

For SCSI devices, use lsscsi to list information about SCSI devices connected to a Linux system.

fcstat is used to interact with and display statistics of Fibre Channel connected devices.

Directory Structure

Directories are containers for other files

Special files are system files stored in the /dev directory.

Links make a file accessible in multiple parts of the system's file tree.

Domain Sockets provide inter-process networking that is protected by the file system's access control.

Named pipes enable processes to communicate with each other without using network sockets.

Use the command file [options] <file name> to determine the type of file you are working with.

Security Mount Options

nodev prevents the use of special device files. ex: mount -o nodev /dev/sdb1 /mnt/safe, or in fstab /dev/sdb1 /mnt/safe ext4 defaults,nodev 0 2. It may be used on /home, /mnt/usb, /var/tmp, and more. It should not be used on /dev.

nosuid prevents files from granting extra privileges when they run. It may be used on /home, /var/tmp, network shares, and removable drives.

noexec prevents a binary program from executing directly from a file system even if it has the execute permission. Ex: mount -o noexec /dev/sdb1 /mnt/usb, or /dev/sdb1 /mnt/usb ext4 defaults,noexec 0 2 (in /etc/fstab). noexec blocks direct execution (ex ./program.sh) but not scripts run through an interpreter (ex python ./myscript.py).
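An added check (not from the original notes) that serves both the fstab entries in Mounting Volumes at Boot and the security mount options above: it parses a constructed /etc/fstab, flags entries that do not have the six fields mount -a expects, and reports mount points that lack nodev/nosuid/noexec under an assumed policy. The sample table and the REQUIRED_OPTIONS policy are assumptions for this example.

```python
# Constructed sample /etc/fstab (not from any real system): one entry lacks the
# options field, and one mount point that should be hardened carries only "defaults".
SAMPLE_FSTAB = """\
# <device>                <mount point>  <type>  <options>              <dump> <pass>
/dev/backups/sysbk        /backups/sys   xfs     defaults               0 0
/dev/backups/appbk        /backups/app   ext4    defaults,usrquota      0 0
/dev/sdb1                 /home          ext4    defaults,nodev,nosuid  0 2
/dev/sdc1                 /mnt/usb       ext4    defaults               0 2
/dev/sdd1                 /var/tmp       ext4    0 0
192.168.1.10:/shared/data /mnt/shared    nfs     defaults,_netdev       0 0
"""

# Assumed hardening policy for this example (mount point -> options it must carry),
# following the notes' advice for /home, /var/tmp and removable media.
REQUIRED_OPTIONS = {
    "/home": {"nodev", "nosuid"},
    "/var/tmp": {"nodev", "nosuid", "noexec"},
    "/mnt/usb": {"nodev", "nosuid", "noexec"},
}


def parse_fstab(text):
    """Yield (line_no, fields) for every non-blank, non-comment fstab line."""
    for no, line in enumerate(text.splitlines(), 1):
        body = line.split("#", 1)[0].strip()
        if body:
            yield no, body.split()


def audit_fstab(text, policy=REQUIRED_OPTIONS):
    """Return findings: malformed entries (fstab needs 6 fields) and mount points
    that lack the options the policy requires. An empty list means clean."""
    findings = []
    for no, fields in parse_fstab(text):
        if len(fields) != 6:
            findings.append(f"line {no}: expected 6 fields, got {len(fields)}")
            continue
        _device, mountpoint, _fstype, options, dump, passno = fields
        if not (dump.isdigit() and passno.isdigit()):
            findings.append(f"line {no}: dump and pass fields must be numeric")
        missing = policy.get(mountpoint, set()) - set(options.split(","))
        if missing:
            findings.append(f"line {no}: {mountpoint} missing {','.join(sorted(missing))}")
    return findings


if __name__ == "__main__":
    for finding in audit_fstab(SAMPLE_FSTAB):
        print(finding)
```

Run it against the real table with audit_fstab(open("/etc/fstab").read()) before rebooting; a malformed entry is caught here rather than by a failed boot.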

Network Mounts

NFS: Network File System. Linux to Linux sharing. Syntax: mount -t nfs <server>:/<remote-path> <local mountpoint>. ex: mount -t nfs 192.168.1.2:/shared/data /mnt/shared or in fstab 192.168.1.10:/shared/data /mnt/shared nfs defaults,_netdev 0 0

SMB: Server Message Block. Cross platform sharing. SMB uses CIFS (Common Internet File System) protocol under the hood. Syntax: mount -t cifs //<server>/<share> <local mountpoint> -o username=<user>,password=<pass>. The local mount point is the directory where you want the mount to show once mounted. ex: mount -t cifs //192.168.1.2/shared /mnt/shared -o username=demo,password=vEreaSaCrEat

Troubleshooting Storage Issues

ulimit limits the system resources for a user in a Linux-based server.

ulimit -n 512 limits the number of open files to 512 for a particular user

ulimit -a displays all the current limits

df/du (disk free/disk usage) facilitate storage space tracking. df displays the device's storage space and du displays how a device is used.

df -h to display human readable format of the amount of space in the system

df -h /dev/backups/appbk to see the space in the appbk logical volume

du -h /dev/backups

iostat generates reports on CPU and device usage. It can be used to determine issues with IOPS.

iostat -d /dev/backups/appbk to view the I/O stats of appbk

ioping generates a report of device I/O latency in real-time

ioping -c 4 /dev/backups/logbk to check for latency in real-time

Storage Quota allows managing the storage space per user. Here are tools used to manage storage quotas:

quotacheck -cug <mount point> create quota database file for a file system and check for user and group quotas

edquota -u <username> edit quotas for a specific user

edquota -g <group name> edit quotas for a specific group

setquota -u <username> set quotas for a specific user

setquota -g <group name> set quotas for a specific group

Before using these commands, we have to activate user and group quotas on the file system. To do that, edit the fstab file to add the options usrquota and grpquota to the relevant file system.

With XFS file system, you can use xfs_admin to configure quotas.

To generate quota reports, use the following the commands:

repquota -a display the reports for all file systems indicated as read-write quotas in the mtab file

repquota -u <username> display the quota report for a particular user

quota -uv <username> display the quota report for a particular user with verbose output

warnquota -u check if users are not exceeding the allotted quota limit

warnquota -g check if groups are not exceeding the allotted quota limit

To troubleshoot a device, start with simple things:

  • make sure it is powered and recognized by the system by checking the /proc directory
  • check for errors in the configuration file fstab
  • make sure to reload the config files if changes have been made to them
  • confirm that there is enough capacity
  • confirm that I/O is not overwhelming the device
  • use partprobe to scan for new storage devices and partitions and load them into the kernel
  • select the appropriate scheduler to optimize performance. ex noop for flash drives. To change the scheduler, change the /sys/block/[sda]/queue/scheduler config file with echo noop > /sys/block/[sda]/queue/scheduler
  • to prevent users from consuming excessive space, we are going to edit the fstab config file to enable quotas with /dev/backups/appbk /backups/app ext4 defaults,usrquota 0 0. Use edquota -u john to edit the soft and hard limits of the user john.